Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 1.3

    LOW
    CVE-2025-58470

    A path traversal vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability ... Read more

    Affected Products : qsync_central
    • Published: Feb. 11, 2026
    • Modified: Feb. 11, 2026
    • Vuln Type: Path Traversal

  • 4.7

    MEDIUM
    CVE-2026-26079

    Roundcube Webmail before 1.5.13 and 1.6 before 1.6.13 allows Cascading Style Sheets (CSS) injection, e.g., because comments are mishandled.... Read more

    Affected Products : webmail
    • Published: Feb. 11, 2026
    • Modified: Feb. 11, 2026
    • Vuln Type: Injection

  • 3.6

    LOW
    CVE-2025-54155

    An allocation of resources without limits or throttling vulnerability has been reported to affect File Station 5. If a remote attacker gains an administrator account, they can then exploit the vulnerability to prevent other systems, applications, or proce... Read more

    Affected Products : file_station
    • Published: Feb. 11, 2026
    • Modified: Feb. 11, 2026
    • Vuln Type: Denial of Service

  • 3.7

    LOW
    CVE-2025-14592

    GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.6 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions could have allowed an authenticated user to perform unauthorized operations by submitt... Read more

    Affected Products : gitlab
    • Published: Feb. 11, 2026
    • Modified: Feb. 11, 2026
    • Vuln Type: Authorization

  • 3.6

    LOW
    CVE-2025-57711

    An allocation of resources without limits or throttling vulnerability has been reported to affect Qsync Central. If a remote attacker gains an administrator account, they can then exploit the vulnerability to prevent other systems, applications, or proces... Read more

    Affected Products : qsync_central
    • Published: Feb. 11, 2026
    • Modified: Feb. 11, 2026
    • Vuln Type: Denial of Service

  • 8.5

    HIGH
    CVE-2019-25307

    WorkgroupMail 7.5.1 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted binary path to inject malicious executables that... Read more

    Affected Products :
    • Published: Feb. 11, 2026
    • Modified: Feb. 11, 2026
    • Vuln Type: Misconfiguration

  • 1.3

    LOW
    CVE-2025-54146

    A NULL pointer dereference vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in ... Read more

    Affected Products : qsync_central
    • Published: Feb. 11, 2026
    • Modified: Feb. 11, 2026
    • Vuln Type: Memory Corruption

  • 1.3

    LOW
    CVE-2026-22894

    A path traversal vulnerability has been reported to affect File Station 6. If a remote attacker gains a user account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability... Read more

    Affected Products : file_station
    • Published: Feb. 11, 2026
    • Modified: Feb. 11, 2026
    • Vuln Type: Path Traversal

  • 5.5

    MEDIUM
    CVE-2024-36316

    The integer overflow vulnerability within AMD Graphics driver could allow an attacker to bypass size checks potentially resulting in a denial of service... Read more

    Affected Products :
    • Published: Feb. 11, 2026
    • Modified: Feb. 11, 2026
    • Vuln Type: Denial of Service

  • 1.2

    LOW
    CVE-2025-58472

    A NULL pointer dereference vulnerability has been reported to affect Qsync Central. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnera... Read more

    Affected Products : qsync_central
    • Published: Feb. 11, 2026
    • Modified: Feb. 11, 2026
    • Vuln Type: Memory Corruption

  • 1.2

    LOW
    CVE-2025-66274

    A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have ... Read more

    Affected Products : quts_hero
    • Published: Feb. 11, 2026
    • Modified: Feb. 11, 2026
    • Vuln Type: Denial of Service

  • 5.1

    MEDIUM
    CVE-2025-13649

    An attacker with access to the web application ZeusWeb of the provider Microcom (in this case, registration is not necessary, but the action must be performed) who has the vulnerable software could introduce arbitrary JavaScript by injecting an XSS payl... Read more

    Affected Products : zeusweb
    • Published: Feb. 11, 2026
    • Modified: Feb. 11, 2026
    • Vuln Type: Cross-Site Scripting

  • 8.8

    HIGH
    CVE-2024-36324

    Improper input validation in AMD Graphics Driver could allow an attacker to supply a specially crafted pointer, potentially leading to arbitrary code execution.... Read more

    Affected Products :
    • Published: Feb. 11, 2026
    • Modified: Feb. 11, 2026
    • Vuln Type: Memory Corruption

  • 1.3

    LOW
    CVE-2025-54147

    A NULL pointer dereference vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in ... Read more

    Affected Products : qsync_central
    • Published: Feb. 11, 2026
    • Modified: Feb. 11, 2026
    • Vuln Type: Memory Corruption

  • 4.8

    MEDIUM
    CVE-2025-54162

    A path traversal vulnerability has been reported to affect File Station 5. If a remote attacker gains an administrator account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vul... Read more

    Affected Products : file_station
    • Published: Feb. 11, 2026
    • Modified: Feb. 11, 2026
    • Vuln Type: Path Traversal

  • 4.9

    MEDIUM
    CVE-2025-54149

    An uncontrolled resource consumption vulnerability has been reported to affect Qsync Central. If a local attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerab... Read more

    Affected Products : qsync_central
    • Published: Feb. 11, 2026
    • Modified: Feb. 11, 2026
    • Vuln Type: Denial of Service

  • 6.5

    MEDIUM
    CVE-2026-1387

    GitLab has remediated an issue in GitLab EE affecting all versions from 15.6 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that could have allowed an authenticated user to cause Denial of Service by uploading a malicious file and repeatedly qu... Read more

    Affected Products : gitlab
    • Published: Feb. 11, 2026
    • Modified: Feb. 11, 2026
    • Vuln Type: Denial of Service

  • 8.5

    HIGH
    CVE-2019-25308

    Mikogo 5.2.2.150317 contains an unquoted service path vulnerability in the Mikogo-Service Windows service configuration. Attackers can exploit the unquoted path to inject and execute malicious code with LocalSystem privileges by placing executable files i... Read more

    Affected Products :
    • Published: Feb. 11, 2026
    • Modified: Feb. 11, 2026
    • Vuln Type: Misconfiguration

  • 1.3

    LOW
    CVE-2025-58467

    A relative path traversal vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulne... Read more

    Affected Products : qsync_central
    • Published: Feb. 11, 2026
    • Modified: Feb. 11, 2026
    • Vuln Type: Path Traversal

  • 8.8

    HIGH
    CVE-2025-15096

    The 'Videospirecore Theme Plugin' plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.0.6. This is due to the plugin not properly validating a user's identity prior to updating their deta... Read more

    Affected Products :
    • Published: Feb. 11, 2026
    • Modified: Feb. 11, 2026
    • Vuln Type: Authentication
Showing 20 of 5094 Results